Description

install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file.

Remediation

References

CVE-2017-9741

Related Vulnerabilities

WordPress Plugin 10Web Map Builder for Google Maps Security Bypass (1.0.63)

Oracle Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2001-1371)

PHP Improper Input Validation Vulnerability (CVE-2016-3185)

WordPress Plugin Elements For Elementor Local File Inclusion (2.1)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-1010016)

Severity

Critical

Classification

CVE-2017-9741 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities